[strongSwan] strongswan and a windows7 client without cert
nikky at minus273.org
Sat Jun 18 15:00:20 CEST 2011
I would very much like to set up a strongswan VPN gateway, which
authenticates Windows 7 clients with only a username and password via
Radius server (freeradius), and with no certs whatsoever. Is that

Currently I get to a point where the Freeradius server receives an
Access-Request via strongswan, but the username there is the IP
address, which the client has - e.g. '=C0=A8=C9=0C' for 192.168.201.12.
As a result, no successful authentication is done.
Here's part of the strongswan's config:
So, the last thing I see in the logs from strongswan, is this:
Jun 18 13:46:28 vpnserver charon: 01[CFG] sending RADIUS Access-Request to server 'primary'
Jun 18 13:46:28 vpnserver charon: 01[CFG] received RADIUS Access-Challenge from server 'primary'
Jun 18 13:46:28 vpnserver charon: 01[IKE] initiating EAP_RADIUS method (id 0x01)
Jun 18 13:46:28 vpnserver charon: 01[IKE] peer supports MOBIKE
Jun 18 13:46:28 vpnserver charon: 01[IKE] no private key found for 'XX.XX.XX.68'
Jun 18 13:46:28 vpnserver charon: 01[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jun 18 13:46:28 vpnserver charon: 01[NET] sending packet: from XX.XX.XX.68 to YY.YY.YY.216
From this I'm guessing that in fact I need a certificate,
nevertheless. Is it possible to have the strongswan daemon relay the
username to the freeradius daemon intact?